GeekPolice

virus/spyware/trojan/malware: windows protection suite
My computer is infected by this so-called misleading anti-virus application known as Windows Protection Suite. I have already installed Malwarebytes' Anti-Malware but still the virus cannot be removed. My operating system is XP. I don't know what to do. Thanks.

Re: virus/spyware/trojan/malware
Hello,

Read this: http://www.geekpolice.net/-t3821.htm

And post your HijackThis log here.

virus/spyware/trojan/malware
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:37:03 PM, on 8/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\All Users\Application Data\4d2eb24\WI4d2e.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ecs\Local Settings\Temporary Internet Files\Content.IE5\462GU1ZX\winlogon[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: Harmony Hollow Software Toolbar - {3806b089-6759-411d-b2c3-b7995a9f34d7} - C:\Program Files\Harmony_Hollow_Software\tbHar0.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 64.86.17.56 google.ae
O1 - Hosts: 64.86.17.56 google.as
O1 - Hosts: 64.86.17.56 google.at
O1 - Hosts: 64.86.17.56 google.az
O1 - Hosts: 64.86.17.56 google.ba
O1 - Hosts: 64.86.17.56 google.be
O1 - Hosts: 64.86.17.56 google.bg
O1 - Hosts: 64.86.17.56 google.bs
O1 - Hosts: 64.86.17.56 google.ca
O1 - Hosts: 64.86.17.56 google.cd
O1 - Hosts: 64.86.17.56 google.com.gh
O1 - Hosts: 64.86.17.56 google.com.hk
O1 - Hosts: 64.86.17.56 google.com.jm
O1 - Hosts: 64.86.17.56 google.com.mx
O1 - Hosts: 64.86.17.56 google.com.my
O1 - Hosts: 64.86.17.56 google.com.na
O1 - Hosts: 64.86.17.56 google.com.nf
O1 - Hosts: 64.86.17.56 google.com.ng
O1 - Hosts: 64.86.17.56 google.ch
O1 - Hosts: 64.86.17.56 google.com.np
O1 - Hosts: 64.86.17.56 google.com.pr
O1 - Hosts: 64.86.17.56 google.com.qa
O1 - Hosts: 64.86.17.56 google.com.sg
O1 - Hosts: 64.86.17.56 google.com.tj
O1 - Hosts: 64.86.17.56 google.com.tw
O1 - Hosts: 64.86.17.56 google.dj
O1 - Hosts: 64.86.17.56 google.de
O1 - Hosts: 64.86.17.56 google.dk
O1 - Hosts: 64.86.17.56 google.dm
O1 - Hosts: 64.86.17.56 google.ee
O1 - Hosts: 64.86.17.56 google.fi
O1 - Hosts: 64.86.17.56 google.fm
O1 - Hosts: 64.86.17.56 google.fr
O1 - Hosts: 64.86.17.56 google.ge
O1 - Hosts: 64.86.17.56 google.gg
O1 - Hosts: 64.86.17.56 google.gm
O1 - Hosts: 64.86.17.56 google.gr
O1 - Hosts: 64.86.17.56 google.ht
O1 - Hosts: 64.86.17.56 google.ie
O1 - Hosts: 64.86.17.56 google.im
O1 - Hosts: 64.86.17.56 google.in
O1 - Hosts: 64.86.17.56 google.it
O1 - Hosts: 64.86.17.56 google.ki
O1 - Hosts: 64.86.17.56 google.la
O1 - Hosts: 64.86.17.56 google.li
O1 - Hosts: 64.86.17.56 google.lv
O1 - Hosts: 64.86.17.56 google.ma
O1 - Hosts: 64.86.17.56 google.ms
O1 - Hosts: 64.86.17.56 google.mu
O1 - Hosts: 64.86.17.56 google.mw
O1 - Hosts: 64.86.17.56 google.nl
O1 - Hosts: 64.86.17.56 google.no
O1 - Hosts: 64.86.17.56 google.nr
O1 - Hosts: 64.86.17.56 google.nu
O1 - Hosts: 64.86.17.56 google.pl
O1 - Hosts: 64.86.17.56 google.pn
O1 - Hosts: 64.86.17.56 google.pt
O1 - Hosts: 64.86.17.56 google.ro
O1 - Hosts: 64.86.17.56 google.ru
O1 - Hosts: 64.86.17.56 google.rw
O1 - Hosts: 64.86.17.56 google.sc
O1 - Hosts: 64.86.17.56 google.se
O1 - Hosts: 64.86.17.56 google.sh
O1 - Hosts: 64.86.17.56 google.si
O1 - Hosts: 64.86.17.56 google.sm
O1 - Hosts: 64.86.17.56 google.sn
O1 - Hosts: 64.86.17.56 google.st
O1 - Hosts: 64.86.17.56 google.tl
O1 - Hosts: 64.86.17.56 google.tm
O1 - Hosts: 64.86.17.56 google.tt
O1 - Hosts: 64.86.17.56 google.us
O1 - Hosts: 64.86.17.56 google.vu
O1 - Hosts: 64.86.17.56 google.ws
O1 - Hosts: 64.86.17.56 google.co.ck
O1 - Hosts: 64.86.17.56 google.co.id
O1 - Hosts: 64.86.17.56 google.co.il
O1 - Hosts: 64.86.17.56 google.co.in
O1 - Hosts: 64.86.17.56 google.co.jp
O1 - Hosts: 64.86.17.56 google.co.kr
O1 - Hosts: 64.86.17.56 google.co.ls
O1 - Hosts: 64.86.17.56 google.co.ma
O1 - Hosts: 64.86.17.56 google.co.nz
O1 - Hosts: 64.86.17.56 google.co.tz
O1 - Hosts: 64.86.17.56 google.co.ug
O1 - Hosts: 64.86.17.56 google.co.uk
O1 - Hosts: 64.86.17.56 google.co.za
O1 - Hosts: 64.86.17.56 google.co.zm
O1 - Hosts: 64.86.17.56 google.com
O1 - Hosts: 64.86.17.56 google.com.af
O1 - Hosts: 64.86.17.56 google.com.ag
O1 - Hosts: 64.86.17.56 google.com.ar
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Harmony Hollow Software Toolbar - {3806b089-6759-411d-b2c3-b7995a9f34d7} - C:\Program Files\Harmony_Hollow_Software\tbHar0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Harmony Hollow Software Toolbar - {3806b089-6759-411d-b2c3-b7995a9f34d7} - C:\Program Files\Harmony_Hollow_Software\tbHar0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Windows Protection Suite] "C:\Documents and Settings\All Users\Application Data\4d2eb24\WI4d2e.exe" /s /d
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 9776 bytes

Re: virus/spyware/trojan/malware
What follows next after I posted this result? Please help me... help me, please.

Re: virus/spyware/trojan/malware
Hello mitchika,

Welcome to Geek Police, my name is Origin and I will be helping you today. Please keep the following in mind:

  • If you do not get a reply from me or another helper within 2 days, please reply to your topic with the phrase BUMP.
  • If you have any cracked/pirated software on your computer, delete it or we will not help you.
  • Only follow advice from Geek Police Staff and not a regular member.
  • Do NOT run any tool without Geek Police supervision as it could render your system useless.

  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O1 - Hosts: 66.98.148.65 auto.search.msn.com
    O1 - Hosts: 66.98.148.65 auto.search.msn.es74.125.45.100 4-open-davinci.com
    O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
    O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 www.getavplusnow.com
    O1 - Hosts: 64.86.17.56 google.ae
    O1 - Hosts: 64.86.17.56 google.as
    O1 - Hosts: 64.86.17.56 google.at
    O1 - Hosts: 64.86.17.56 google.az
    O1 - Hosts: 64.86.17.56 google.ba
    O1 - Hosts: 64.86.17.56 google.be
    O1 - Hosts: 64.86.17.56 google.bg
    O1 - Hosts: 64.86.17.56 google.bs
    O1 - Hosts: 64.86.17.56 google.ca
    O1 - Hosts: 64.86.17.56 google.cd
    O1 - Hosts: 64.86.17.56 google.com.gh
    O1 - Hosts: 64.86.17.56 google.com.hk
    O1 - Hosts: 64.86.17.56 google.com.jm
    O1 - Hosts: 64.86.17.56 google.com.mx
    O1 - Hosts: 64.86.17.56 google.com.my
    O1 - Hosts: 64.86.17.56 google.com.na
    O1 - Hosts: 64.86.17.56 google.com.nf
    O1 - Hosts: 64.86.17.56 google.com.ng
    O1 - Hosts: 64.86.17.56 google.ch
    O1 - Hosts: 64.86.17.56 google.com.np
    O1 - Hosts: 64.86.17.56 google.com.pr
    O1 - Hosts: 64.86.17.56 google.com.qa
    O1 - Hosts: 64.86.17.56 google.com.sg
    O1 - Hosts: 64.86.17.56 google.com.tj
    O1 - Hosts: 64.86.17.56 google.com.tw
    O1 - Hosts: 64.86.17.56 google.dj
    O1 - Hosts: 64.86.17.56 google.de
    O1 - Hosts: 64.86.17.56 google.dk
    O1 - Hosts: 64.86.17.56 google.dm
    O1 - Hosts: 64.86.17.56 google.ee
    O1 - Hosts: 64.86.17.56 google.fi
    O1 - Hosts: 64.86.17.56 google.fm
    O1 - Hosts: 64.86.17.56 google.fr
    O1 - Hosts: 64.86.17.56 google.ge
    O1 - Hosts: 64.86.17.56 google.gg
    O1 - Hosts: 64.86.17.56 google.gm
    O1 - Hosts: 64.86.17.56 google.gr
    O1 - Hosts: 64.86.17.56 google.ht
    O1 - Hosts: 64.86.17.56 google.ie
    O1 - Hosts: 64.86.17.56 google.im
    O1 - Hosts: 64.86.17.56 google.in
    O1 - Hosts: 64.86.17.56 google.it
    O1 - Hosts: 64.86.17.56 google.ki
    O1 - Hosts: 64.86.17.56 google.la
    O1 - Hosts: 64.86.17.56 google.li
    O1 - Hosts: 64.86.17.56 google.lv
    O1 - Hosts: 64.86.17.56 google.ma
    O1 - Hosts: 64.86.17.56 google.ms
    O1 - Hosts: 64.86.17.56 google.mu
    O1 - Hosts: 64.86.17.56 google.mw
    O1 - Hosts: 64.86.17.56 google.nl
    O1 - Hosts: 64.86.17.56 google.no
    O1 - Hosts: 64.86.17.56 google.nr
    O1 - Hosts: 64.86.17.56 google.nu
    O1 - Hosts: 64.86.17.56 google.pl
    O1 - Hosts: 64.86.17.56 google.pn
    O1 - Hosts: 64.86.17.56 google.pt
    O1 - Hosts: 64.86.17.56 google.ro
    O1 - Hosts: 64.86.17.56 google.ru
    O1 - Hosts: 64.86.17.56 google.rw
    O1 - Hosts: 64.86.17.56 google.sc
    O1 - Hosts: 64.86.17.56 google.se
    O1 - Hosts: 64.86.17.56 google.sh
    O1 - Hosts: 64.86.17.56 google.si
    O1 - Hosts: 64.86.17.56 google.sm
    O1 - Hosts: 64.86.17.56 google.sn
    O1 - Hosts: 64.86.17.56 google.st
    O1 - Hosts: 64.86.17.56 google.tl
    O1 - Hosts: 64.86.17.56 google.tm
    O1 - Hosts: 64.86.17.56 google.tt
    O1 - Hosts: 64.86.17.56 google.us
    O1 - Hosts: 64.86.17.56 google.vu
    O1 - Hosts: 64.86.17.56 google.ws
    O1 - Hosts: 64.86.17.56 google.co.ck
    O1 - Hosts: 64.86.17.56 google.co.id
    O1 - Hosts: 64.86.17.56 google.co.il
    O1 - Hosts: 64.86.17.56 google.co.in
    O1 - Hosts: 64.86.17.56 google.co.jp
    O1 - Hosts: 64.86.17.56 google.co.kr
    O1 - Hosts: 64.86.17.56 google.co.ls
    O1 - Hosts: 64.86.17.56 google.co.ma
    O1 - Hosts: 64.86.17.56 google.co.nz
    O1 - Hosts: 64.86.17.56 google.co.tz
    O1 - Hosts: 64.86.17.56 google.co.ug
    O1 - Hosts: 64.86.17.56 google.co.uk
    O1 - Hosts: 64.86.17.56 google.co.za
    O1 - Hosts: 64.86.17.56 google.co.zm
    O1 - Hosts: 64.86.17.56 google.com
    O1 - Hosts: 64.86.17.56 google.com.af
    O1 - Hosts: 64.86.17.56 google.com.ag
    O1 - Hosts: 64.86.17.56 google.com.ar
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKCU\..\Run: [Windows Protection Suite] "C:\Documents and Settings\All Users\Application Data\4d2eb24\WI4d2e.exe" /s /d



  • Press "Fix Checked"
  • Close Hijack This.
Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.
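
An added example, not part of the original thread or any Geek Police tool: a small Python triage pass over a HijackThis log that groups O1 hosts-file redirects by target IP and flags the kinds of entries selected for fixing in the reply above. The sample lines are copied from the log in this thread; the function names and the heuristics (non-loopback hosts entries, executables in user-writable directories, "(no file)" entries) are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\ecs\Local Settings\Temporary Internet Files\Content.IE5\462GU1ZX\winlogon[1].exe
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 64.86.17.56 google.com
O1 - Hosts: 64.86.17.56 google.co.uk
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Windows Protection Suite] "C:\Documents and Settings\All Users\Application Data\4d2eb24\WI4d2e.exe" /s /d
"""

# Assumption: only loopback/null mappings are expected in a hosts file.
LOOPBACK = {"127.0.0.1", "0.0.0.0"}
# Assumption: directories a standard user (and a browser download) can write to.
USER_WRITABLE = ("\\application data\\", "\\temporary internet files\\",
                 "\\local settings\\temp\\")
HOSTS_RE = re.compile(r"^O1 - Hosts: (\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)")
RUN_RE = re.compile(r"^O4 - (\S+): \[(.+?)\] (.+)$")

def in_user_writable(path):
    p = path.lower()
    return any(d in p for d in USER_WRITABLE)

def triage(log_text):
    """Return (hosts_by_ip, findings) for the text of a HijackThis log."""
    hosts_by_ip, findings = defaultdict(list), []
    for line in (l.strip() for l in log_text.splitlines()):
        m = HOSTS_RE.match(line)
        if m:  # hosts-file entry that overrides DNS for a name
            if m.group(1) not in LOOPBACK:
                hosts_by_ip[m.group(1)].append(m.group(2))
            continue
        m = RUN_RE.match(line)
        if m:  # autorun entry: flag if the binary lives in a user-writable dir
            if in_user_writable(m.group(3)):
                findings.append(("autorun-from-user-writable-dir", m.group(2)))
            continue
        if re.match(r"^O\d+ - ", line) and line.endswith("(no file)"):
            findings.append(("orphaned-entry", line))
        elif re.match(r"^[A-Za-z]:\\", line) and in_user_writable(line):
            findings.append(("process-from-user-writable-dir", line))
    return dict(hosts_by_ip), findings

if __name__ == "__main__":
    hosts, found = triage(SAMPLE_LOG)
    for ip, names in hosts.items():
        print(f"{ip}: {len(names)} redirected name(s)")
    for kind, detail in found:
        print(kind, "->", detail)
```

Many unrelated names mapped to one address, as with the google.* block in the log, is the pattern the grouping makes visible at a glance.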
